DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
Claims 1-19 and 21 have been rejected.
Claim Objections
Claim 1 is objected to because of the following informalities: 
Claim 1 is missing an “and” before the performing element.
Appropriate correction is required.
Specification
Claims 1, 8, and 15 recite claimed subject matter of “API calls.” 
The specification is objected to as failing to provide proper antecedent basis for the claimed subject matter.  See 37 CFR 1.75(d)(1) and MPEP § 608.01(o).  Given that there is no mention of API calls (only APIs), the language fails to have antecedent basis found in the Spec. 
Correction of the following is required: Please amend Spec. to provide a glossary style definition in the Specification of “API calls” without adding new matter. Applicant may make this requirement moot by removing API calls in the claim language.
Reponses to Arguments
Applicant submits that “API calls” are a critical features. Arguments rendered moot, and new ground of rejected.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):



The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-19 and 21 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement.  The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA  the inventor(s), at the time the application was filed, had possession of the claimed invention.

New Matter of API calls
In Remarks (01/22/2021), Applicant submits that “[n]o new matter is added,” and with substantial amendments does not outline where the newly added subject matter can be found. MPEP 2163 recites: “With respect to newly added or amended claims, applicant should show support in the original disclosure for the new or amended claims.” For example, claims 1, 8, and 15 recite: “receiving…one or more application programming interface (API) calls […] in response to receiving the one or more API calls […] modifying…specified in the one or more API calls….”
The Spec. (0016-0017) only mentions API (not API call) a total of three times. Further, there is no mention of API calls within the Specification. Given that Applicant has not pointed out where “API calls” can be found and/or how they are distinguished from APIs, new matter is added.
Further, the API’s in the Spec. (0016-0017) refer to the operations performed by the “payment 
Claims (i) 2-7, (ii) 9-14, and (iii) 16-19 and 21 are rejected as each depends on claims 1, 8, and 15, respectively.

Possession of API calls
Examiner submits that “API call” is a term of art. This term of art is a critical feature because Applicant submits that Collison does not teach the API calls. (Remarks 01/22/2021 at 9.) Similarly, the Spec. (0018) discloses that “API has significant benefits.”
This term of art can be found in the prior art. For example, Chawla (US2014005617A1) (filed Aug. 13th 2013) discloses “Call New APIs” in Fig. 7M with a disclosed “API Path” 731a. This embodiment is used when “desired API tools are not listed.” (Id. at 0165.) Ultimately, a lightbox 735 is generated with the API path (731a) with a corresponding Method (731b). (Id. at 0165-0168; see also 0158 (API call with HTTP POST).) 
By contrast, the instant Spec. makes no mention of API paths, GETs, POSTs, HTTPs, and the like. Nor does the Specification go into detail on how APIs are used. As such, one skilled in the art in web development technologies cannot ascertain that Applicant has possession for API calls at the time of the filing date. (MPEP 2161.01.)

New Matter of Server Public Key
Claim 8 recites: “in response….using a public key associated with the server….” The public key is associated with the third party processor according to para. 0030 of the Spec. New Matter.
Claims 9-14 are rejected as each depends on claim 8.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.


The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-3, 5-7, 15-17, 19, and 21 are rejected under AIA  35 U.S.C. 103(a) as being unpatentable over Chawla US20140052617A1 in view of US20100094755A1 Kloster.
Regarding claim 1 Chawla teaches the customer provision of widgets on a merchant site:
receiving one or more application programming interface (API) calls from a merchant web page (0054 “API-Tool may receive request parameters”, 0063 “request information”, 0111 “API generation request” & Fig. 1A Item 112, Fig. 3B Item 325 (flow diagram), Figs. 7(A-Q)) rendered in a web browser of a user device (0062 & Figs. 11-12), wherein the merchant web page includes a first set of data entry fields (0065 & Fig. 1B Items inside 115 such as “Card Number”), (Examiner submits that the teachings of Chawla are non-limiting. That is, Chawla teaches that requests may come from the developers themselves or from the merchants, see 0063; see also 0072 & Fig. 2A) and wherein the one or more API calls include a set of parameters representing a style configuration (0065, 0079, 0242 (discussing skin), 0234 (discussing skill and color) & Fig. 21A Item 208 “Customize Widget Skin,” Fig. 21B Items 2113, 2114) (Examiner notes that a conventional payment interface 115 is transformed into a dynamic-button-triggered light box webpage 120 after XML has been incorporated. This is the “style” in the instant claim language best shown in Fig. 1B of Chawla. In a non-limiting way, the style is applied to the light box. Further, the light box, in a non-limiting way, can be styled with text, see 0160 & Fig. 7F Item 719. This process overview can be seen in Fig. 3B Items 331-333. Further still, a light box may be created when the “merchant’s desired API tools” are not listed, see 0165 & Fig. 7M TITLE “Call New APIs”. As such, API calls are taught. Further still, the XML manual incorporation, in an alternative embodiment by be performed dynamically. Examiner notes that widgets may be dynamically generated in an alternative embodiment, see 0200 “obtain advantages of easy integration” This is by supplemental to the XML files that are copied and pasted (i.e. manually by developer) into the source code of the merchant website, see 0113 & Fig. 3B Item 338. As such, in an alternative or joint manner, API calls are taught given that the API Tool tags are utilized, see 0209 & Fig. 16 Item 1635.);
in response to receiving the one or more API calls, generating customized programming code (0069 (displaying options for multiple computer codes); Fig. 1D Item computer code inside 143) (Examiner notes that merchant websites of Chawla may be hosted in a plurality of languages, see 0069. This languages make the API Tool “develop the API XML” based on the “determined source language….” (Id. at 0069.) Ultimately, the API-Tool sends the bespoke code for the merchant via XML format, see 0069; see also 0078 & Fig. 2A Item 222) for a second set of data entry fields according to the style configuration represented by the set of parameters in the one or more API calls (0065, 0079, 0239, 0243-0244) (Examiner submits that there are a new second set of entry fields found in Fig. 1B Item 120. Examiner notes that “custom_widget_skin” is used for modifications, see 0104. Examiner also notes that the button is represented as <v:buy>…</v:buy>, see Fig. 21A Item 2109 (tagging custom skin).);
modifying the merchant web page to render (Fig. 2A Item 235; 0079 “updated merchant site UI”; see also Fig. 1B Item 120, Fig. 16 Item 1640 (dynamic generation))…second set of data entry fields within the merchant web page according to the style configuration specified in the one or more API calls based on the customized programming code (0065, 0079);
configuring a submit button of the merchant webpage (Fig. 12B Item 1220e; 0190-0191) (Examiner notes, in one exemplary embodiment, this is a light box 1220 with pay button. Further, it can be appreciated that the button may be programmatically augmented with “inline logic such as JavaScript,” see 0223. Specifically, a “callback function” can be “triggered in a buy button tag[.]” (Id. at 0226.) For example, if an account was debited successfully, an alert (i.e. pop up or the like) may be displayed. Id. at Table below 0226 Item alert(msg) based on eventType==”debit.success”)…
in response to receiving a selection of the submit button of the merchant web page (0190 “The consumer may then complete the purchase by select the pay button 1220d [sic, 1220e].” & Fig. 12B Item 1220e (displaying light box with pay button); see also 0196 (disclosing further detail on checkout with light box) & Fig. 14 Items 1450-1460 (same))…
performing a transaction based on the second set of data (0190 “The consumer may then complete the purchase by select the pay button 1220d [sic, 1220e].” & Fig. 1B (credit card number), Fig. 12B Item 1220e (displaying light box with pay button); see also 0196 (disclosing further detail on checkout with light box) & Fig. 14 Items 1450-1460 (same)).
Chawla does not teach:
one or more inline frames […]to transmit different portions of data obtained from the first and second sets of data entry fields to different servers;
[using iframes] transmitting a first set of data corresponding to the first set of data entry fields to a merchant server associated with the merchant web page and transmitting a second set of data corresponding to the second set of data entry fields to a payment processing server…
Kloster teaches processing transactions with forking data with inline frames:
one or more inline frames […]to transmit different portions of data obtained from the first and second sets of data entry fields to different servers (0015 “It is contemplated that any non-sensitive data could be retrieve via an inline frame…by the merchant”, 0016 “By embedding the inline frame…the payment system server 102 is to received…payment data….Further, the [] merchant may host its own form(s)[] for capturing information…..”; see also Fig. 1 Item 112 (pointing to Payment System Server)) (Examiner submits that sensitive data is sent to a payment server whereas other data may be sent to the merchant using iframes.)
[using iframes] transmitting a first set of data corresponding to the first set of data entry fields to a merchant server (0015) associated with the merchant web page (0015, 0022 “embedding directly within a website [of] a business entity….”) and transmitting a second set of data corresponding to the second set of data entry fields to a payment processing server (0016, 0023 & Fig. 1 Item 112)…

Direction of Chawla — (I) Widgets and (II) Payment Processing:
Examiner submits that Chawla, as a whole, is directed towards the creation of widgets on websites. (Id. at TITLE.) Specifically, Chawla utilizes an API Tool Server to create custom widgets based on parameters. (Id. at Abstract.) Further, Chawla is directed towards payment circuits. That is, after the widgets are integrated into the webpage, the widgets can be used to facilitate a transaction. Compare Fig. 14 Item 1415 (widget generation) with Fig. 14 Item 1425 (purchase with widget). Specifically, the API Tool acquires the customer order at the seller server. (Id. at 0214.) Ultimately, the payment is forwarded to acquirers and issuers through a payment gateway. (Id. at 214; see also Figs. 19(A-C).) As such, Chawla is also directed towards payment processing.

Direction of Kloster — Payment Processing with Iframes
Similar to Chawla, Kloster is directed towards “online transactions utilizing.” (Kloster at TITLE.) Further still, both Chawla and Collison teach iframes within web technologies, wherein the web technologies in Kloster utilize at least HTML and Javascript similar to that of Chawla, see Kloster at 0018, 0020. Given that both disclosures are directed towards payment processing and web development technologies, there exists a nexus.

Resolving Skill POSITA for Iframes:
When resolving one of skill in the art, it can be appreciated that a website developer (i.e. one skilled in web development technologies and corresponding languages) would be skilled in at least PHP, Javascript, Python, and many others, see Id. at 0069 & Fig. 1D Item 143.
In other embodiments, it can also be appreciated by one of skilled in the art of web technologies that iframes where known at the time of the disclosure of Chawla. Specifically, Chawla discloses iframes in at least the following sections: 0171, 0182, 0184, 0185, 0186, and 0188. In light of Chawla, it can also be appreciated that iframes are incorporated into content sites and may have at least web applications nest therein. See, e.g., 0171 & Fig. 8A Items 810, 815, and 820 inside iframe 805. 
Therefore, given that iframes are old in the art and given that iframes are used in a plurality of ways and are integrated with a plurality of web elements, the Examiner resolves one of skill in the art as low for the use of iframes based on their status within the art. Put another way, iframes are an old element.

Deficiencies of Chawla:
While Chawla is deficient with the use of iframes, wherein, according to the claim language, the claimed iframes are capable of “transmit[ing] different portions of data obtained,” the Examiner submits that a modification of the iframes in Chawla may be obviously modified to remedy any deficiencies given the state of the prior art. 

Motivation:
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the filing date to modify the custom generation of merchant widgets teachings of Chawla, which includes 

Regarding claim 2 Chawla teaches:
wherein the modifying the merchant web page (Fig. 2A Item 235; 0079 “updated merchant site UI”; see also Fig. 1B Item 120, Fig. 16 Item 1640 (dynamic generation)) further comprises transmitting a scripting file to the user device (0069) (Examiner is taking Javascript in Chawla as a scripting language. For example, the XML used in Chawla is a “package,” Chawla at 0069. See also 0152 (disclosing XML and Javascript Object Notation (JSON) for API request data), 0207 (specifying script type as javascript in <body> tag). This packaged is “readable by the determined source language 142b[,]” which may be at least Javascript. See also 0148 (disclosing Javascript as part of “scripting commands”.).

Regarding claim 3 Chawla teaches:
wherein the using scripting file comprises code (Examiner is taking Javascript in Chawla as a scripting language. For example, the XML used in Chawla is a “package,” Chawla at 0069. See also 0152 (disclosing XML and Javascript Object Notation (JSON) for API request data), 0207 (specifying script type as javascript in <body> tag). This packaged is “readable by the determined source language 142b[,]” which may be at least Javascript. See also 0148 (disclosing Javascript as part of “scripting commands”.) corresponding to a stylesheet language (Examiner is taking “stylesheet” language under BRI in light of the Spec. found in paras. 0021, 0022, 0024, and 0035, which discloses a language for modifying the appearance. Further, the claim language is just broad with “implements the style configuration.” Examiner also notes that the language of “corresponding” is merely broad language. Accordingly, the stylesheet language of the button tag <v:buy> corresponds to the Javascript during the custom design process. Compare Fig. 21A Item 2101 (JavaScript) with Fig. 21A Item 2108 (Sample Code)) that implements the style configuration (0065, 0079, 0243 & Fig. 21b).

Regarding claim 5 Chawla teaches:
wherein the set of parameters further specifies a particular text for display in the second set of data entry fields (0160 & Fig. 7F Item 719).

Regarding claim 6 Chawla teaches:
wherein the set of parameters further specifies a plurality of appearances (0065, 0079, 0239, 0243-0244) for a plurality of corresponding element states for the second set of data entry fields (0226; Table below 0226 Items “handVmeEvents” for function and “handleVmeEvents” set by “callback”) (Examiner notes that the “element states” are taught by the Event Types, see Table below 0225. Further, it can be appreciated by a POSITA that the <v:buy> tags can be augmented with the widget skills, see 0242-0243, in a non-limiting manner.).

Regarding claim 7 Chawla teaches:
wherein the second set of data comprises credit card data (0213, Table below <creditcard_number>, 0215), and wherein the performing the transaction comprises charging a credit card based on the credit card data (0213 “payment authorization”, 0215).

Regarding claim 15 Chawla teaches:
receiving, from a merchant web page (0054 “API-Tool may receive request parameters”, 0063 “request information”, 0111 “API generation request” & Fig. 1A Item 112, Fig. 3B Item 325 (flow diagram), Figs. 7(A-Q)) rendered in a web browser of a user device (0062 & Figs. 11-12) one or more application programming interface (API) calls, wherein the merchant web page includes a first set of data form fields, and wherein the one or more API calls include a set of parameters representing a style configuration (0065, 0079, 0242 (discussing skin), 0234 (discussing skill and color) & Fig. 21A Item 208 “Customize Widget Skin,” Fig. 21B Items 2113, 2114);
in response to receiving the one or more API calls (0054 “API-Tool may receive request parameters”, 0063 “request information”, 0111 “API generation request” & Fig. 1A Item 112, Fig. 3B Item 325 (flow diagram), Figs. 7(A-Q)), generating customized programming code for a second set of data form fields (0069 (displaying options for multiple computer codes); Fig. 1D Item computer code inside 143)  according to the style configuration represented by the set of parameters (0065, 0079, 0239, 0243-0244);
modifying the merchant web page to render (Fig. 2A Item 235; 0079 “updated merchant site UI”; see also Fig. 1B Item 120, Fig. 16 Item 1640 (dynamic generation))…corresponding to the second set of data form fields within the merchant web page according to the style configuration specified in the one or more API calls based on the customized programming code (0065, 0079);
in response to receiving a selection of a submit button of the merchant web page (0190 “The consumer may then complete the purchase by select the pay button 1220d [sic, 1220e].” & Fig. 12B Item 1220e (displaying light box with pay button); see also 0196 (disclosing further detail on checkout with light box) & Fig. 14 Items 1450-1460 (same))…
performing a transaction based on the second set of data (0190 “The consumer may then complete the purchase by select the pay button 1220d [sic, 1220e].” & Fig. 1B (credit card see also 0196 (disclosing further detail on checkout with light box) & Fig. 14 Items 1450-1460 (same)).
Chawla does not teach:
one or more inline frames […]to transmit different portions of data obtained from the first and second sets of data entry fields to different servers;
[using iframes] transmitting a first set of data corresponding to the first set of data entry fields to a merchant server associated with the merchant web page and transmitting a second set of data corresponding to the second set of data entry fields to a payment processing server…
Kloster teaches:
one or more inline frames […]to transmit different portions of data obtained from the first and second sets of data entry fields to different servers (0015 “It is contemplated that any non-sensitive data could be retrieve via an inline frame…by the merchant”, 0016 “By embedding the inline frame…the payment system server 102 is to received…payment data….Further, the [] merchant may host its own form(s)[] for capturing information…..”; see also Fig. 1 Item 112 (pointing to Payment System Server));
[using iframes] transmitting a first set of data corresponding to the first set of data entry fields to a merchant server (0015) associated with the merchant web page (0015, 0022 “embedding directly within a website [of] a business entity….”) and transmitting a second set of data corresponding to the second set of data entry fields to a payment processing server (0016, 0023 & Fig. 1 Item 112)…

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the filing date to modify the custom generation of merchant widgets teachings of Chawla, which includes the generation of iframes, with the iframes of Kloster in order to obviate security audits 

Regarding claim 16 Chawla teaches:
wherein the modifying the merchant web page (Fig. 2A Item 235; 0079 “updated merchant site UI”; see also Fig. 1B Item 120, Fig. 16 Item 1640 (dynamic generation)) further comprises transmitting a scripting file to the user device (0069) (Examiner is taking Javascript in Chawla as a scripting language. For example, the XML used in Chawla is a “package,” Chawla at 0069. See also 0152 (disclosing XML and Javascript Object Notation (JSON) for API request data), 0207 (specifying script type as Javascript in <body> tag). This packaged is “readable by the determined source language 142b[,]” which may be at least Javascript. See also 0148 (disclosing Javascript as part of “scripting commands”.).

Regarding claim 17 Chawla teaches:
wherein the scripting file comprises code corresponding to appearance options are specified (Examiner is taking Javascript in Chawla as a scripting language. For example, the XML used in Chawla is a “package,” Chawla at 0069. See also 0152 (disclosing XML and Javascript Object Notation (JSON) for API request data), 0207 (specifying script type as javascript in <body> tag). This packaged is “readable by the determined source language 142b[,]” which may be at least Javascript. See also 0148 (disclosing Javascript as part of “scripting commands”.) using a stylesheet language (Examiner is taking “stylesheet” language under BRI in light of the Spec. found in paras. 0021, 0022, 0024, and 0035, which discloses a language for modifying the appearance. Further, the claim language is just broad with “implements the style configuration.” Examiner also notes that the language of “corresponding” is merely broad language. Accordingly, the stylesheet language of the button tag <v:buy> corresponds to the Javascript during the custom design process. Compare Fig. 21A Item 2101 (JavaScript) with Fig. 21A Item 2108 (Sample Code)).

Regarding claim 19 Chawla teaches:
wherein the set of parameters further specifies a particular text for display in the second set of data form fields (0160 & Fig. 7F Item 719).

Regarding claim 21 Chawla teaches:
wherein the second set of data comprises credit card data (0213, Table below <creditcard_number>, 0215), and wherein the performing the transaction comprises charging a credit card based on the credit card data (0213 “payment authorization”, 0215).

Claims 4 and 18 are rejected under AIA  35 U.S.C. 103(a) as being unpatentable over Chawla and Kloster in view of US20120143770A1 Pauker.
Regarding claim 4 Chawla teaches:
further comprise in response to receiving the selection of the submit button (Fig. 12B Item 1220e; 0190-0191), encrypting [token] corresponding to the second set of data entry fields before transmitting the encrypted [token] data to (0208 “A token is an encrypted purchase token for a purchase.” Table above 0209 “token”) (Examiner notes that the token is embedded in the buy button of “v:buy”. Ultimately, this data is forward for payment processing, see 0215 & Fig. 19A Item “token” inside “1935”; see also 0228, 0231, 0232.) the payment processing server (0190 “The consumer may then complete the purchase by select the pay button 1220d [sic, 1220e].” & Fig. 1B (credit card number), Fig. 12B Item 1220e (displaying light box with pay see also 0196 (disclosing further detail on checkout with light box) & Fig. 14 Items 1450-1460 (same)).
Neither Chawla nor Kloster teach:
…[encrypting] the second set of data…
Pauker teaches:
…[encrypting] the second set of data (Fig. 1 Items 12, 14; Fig. 3 Item <script src=”encryption_function.js”></script> […] <script type…DoEncrypt(document.ordrform.element[“CCN”], piekey, piekeyid); 0026, 0031, 0032, 0051-0059))…


Resolving Skill POSITA for Encryption:
When resolving one of skill in the art, it can be appreciated that Merchant/Developer/User and the API Tool Server establish secure communication as see in the following sections of Chawla: 0178, 0185, 0202, 0205, et seq. This secure communication is realized through the use of a “token.” See, e.g., Id. at 0202. Further, it can be appreciated by a POSITA that tokens may also be used “for a purchase.” (Id. at 0208.) Simply put, one skilled in the art of cryptography would appreciate that tokens are old in the art and are used in secure communication.

Motivation:
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the filing date to modify combined transaction systems of Chawla-Kloster with the encryption of Pauker by modifying the tokenized encryption during payment found in Chawla with the encryption of 

Regarding claim 18 Chawla teaches:
wherein the operations further comprise in response to receiving the selection of the submit button (0190 “The consumer may then complete the purchase by select the pay button 1220d [sic, 1220e].” & Fig. 12B Item 1220e (displaying light box with pay button); see also 0196 (disclosing further detail on checkout with light box) & Fig. 14 Items 1450-1460 (same))…the second set of data corresponding to the second set of data form fields (0190 “The consumer may then complete the purchase by select the pay button 1220d [sic, 1220e].” & Fig. 12B Item 1220e (displaying light box with pay button); see also 0196 (disclosing further detail on checkout with light box) & Fig. 14 Items 1450-1460 (same)) before transmitting the…second set of data to the payment processing server (0190 “The consumer may then complete the purchase by select the pay button 1220d [sic, 1220e].” & Fig. 1B (credit card number), Fig. 12B Item 1220e (displaying light box with pay button); see also 0196 (disclosing further detail on checkout with light box) & Fig. 14 Items 1450-1460 (same)).
Neither Chawla nor Kloster teach:
…encrypting [payment data]…
Pauker teaches:
…encrypting [payment data] (Fig. 1 Items 12, 14; Fig. 3 Item <script src=”encryption_function.js”></script> […] <script type…DoEncrypt(document.ordrform.element[“CCN”], piekey, piekeyid); 0051-0059))…

Resolving Skill POSITA for Encryption:
When resolving one of skill in the art, it can be appreciated that Merchant/Developer/User and the API Tool Server establish secure communication as see in the following sections of Chawla: 0178, 0185, 0202, 0205, et seq. This secure communication is realized through the use of a “token.” See, e.g., Id. at 0202. Further, it can be appreciated by a POSITA that tokens may also be used “for a purchase.” (Id. at 0208.) Simply put, one skilled in the art of cryptography would appreciate that tokens are old in the art and are used in secure communication.

Motivation:
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the filing date to modify combined transaction systems of Chawla-Kloster with the encryption of Pauker by modifying the tokenized encryption during payment found in Chawla with the encryption of transaction data of Pauker in order to make sure sensitive information is not divulged during transactions. (Pauker at 0003.)

Claims 8-14 are rejected under AIA  35 U.S.C. 103(a) as being unpatentable over Chawla US20140052617A1 in view of US20100094755A1 Kloster in view of US20120143770A1 Pauker.
Regarding claim 8 Chawla teaches:
receiving, by one or more hardware processors, one or more application programming interface (API) calls from a (0054 “API-Tool may receive request parameters”, 0063 “request information”, 0111 “API generation request” & Fig. 1A Item 112, Fig. 3B Item 325 (flow diagram), Figs. 7(A-Q)), web page being rendered in a web browser of a user device (0062 & Figs. 11-12), wherein the web page includes a first set of data form fields, and wherein the one or more API calls include a set of parameters representing a style configuration (0065, 0079, 
in response to receiving the one or more API calls (0054 “API-Tool may receive request parameters”, 0063 “request information”, 0111 “API generation request” & Fig. 1A Item 112, Fig. 3B Item 325 (flow diagram), Figs. 7(A-Q)), generating, by the one or more hardware processors, customized programming code for a second set of data form fields (0069 (displaying options for multiple computer codes); Fig. 1D Item computer code inside 143) according to the style configuration represented by the set of parameters (0065, 0079, 0239, 0243-0244);
modifying, by the one or more hardware processors, the web page to render (Fig. 2A Item 235; 0079 “updated merchant site UI”; see also Fig. 1B Item 120, Fig. 16 Item 1640 (dynamic generation)) …corresponding to the second set of data form fields within the web page according to the style configuration specified in the one or more API calls based on the customized programming code (0065, 0079);
configuring, by the one or more hardware processors, a submit button of the merchant web page (Fig. 12B Item 1220e; 0190-0191)…
in response to receiving a selection of the submit button of the merchant webpage (0190 “The consumer may then complete the purchase by select the pay button 1220d [sic, 1220e].” & Fig. 12B Item 1220e (displaying light box with pay button); see also 0196 (disclosing further detail on checkout with light box) & Fig. 14 Items 1450-1460 (same)), (i) transmitting a first set of data corresponding to the first set of data form fields to a server associated with the web page (0190 “The consumer may then complete the purchase by select the pay button 1220d [sic, 1220e].” & Fig. 12B Item 1220e (displaying light box with pay button); see also
performing, by the third-party payment processor device, a transaction (0190 “The consumer may then complete the purchase by select the pay button 1220d [sic, 1220e].” & Fig. 1B (credit card number), Fig. 12B Item 1220e (displaying light box with pay button); see also 0196 (disclosing further detail on checkout with light box) & Fig. 14 Items 1450-1460 (same))…
Chawla does not teach:
one or more inline frames […]to transmit different portions of data obtained from the first and second sets of data entry fields to different servers;
[using iframes] a second set of data corresponding to the second set data form field… transmitting the…second set of data to a payment processor device…
(ii) encrypting…using a public key…
decrypting, by the third-party payment processor device, the encrypted second set of data; and 
Kloster teaches:
one or more inline frames […]to transmit different portions of data obtained from the first and second sets of data entry fields to different servers (0015 “It is contemplated that any non-sensitive data could be retrieve via an inline frame…by the merchant”, 0016 “By embedding the inline frame…the payment system server 102 is to received…payment data….Further, the [] merchant may host its own form(s)[] for capturing information…..”; see also Fig. 1 Item 112 (pointing to Payment System Server));
[using iframes] transmitting a first set of data corresponding to the first set of data entry fields to a merchant server (0015) associated with the merchant web page (0015, 0022 “embedding directly within a website [of] a business entity….”) and transmitting a second set of data corresponding to the second set of data entry fields to a payment processing server (0016, 0023 & Fig. 1 Item 112)…

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the filing date to modify the custom generation of merchant widgets teachings of Chawla, which includes the generation of iframes, with the iframes of Kloster in order to obviate security audits associated with merchants since sensitive data does not pass through said merchants. (Kloster at 0003.)

Neither Chawla nor Kloster teach:
(ii) encrypting…using a public key…
decrypting, by the third-party payment processor device, the encrypted second set of data; and
Pauker teaches:
(ii) encrypting…using a public key (Fig. 1 Items 12, 14; Fig. 3 Item <script src=”encryption_function.js”></script> […] <script type…DoEncrypt(document.ordrform.element[“CCN”], piekey, piekeyid); 0026, 0031, 0032, 0051-0059))……
decrypting, by the third-party payment processor device, the encrypted second set of data; and (0022-0025, 0046,  0069-0070)

Resolving Skill POSITA for Encryption:
When resolving one of skill in the art, it can be appreciated that Merchant/Developer/User and the API Tool Server establish secure communication as see in the following sections of Chawla: 0178, 0185, 0202, 0205, et seq. This secure communication is realized through the use of a “token.” See, e.g., Id. at 0202. Further, it can be appreciated by a POSITA that tokens may also be used “for a purchase.” (Id. at 0208.) Simply put, one skilled in the art of cryptography would appreciate that tokens are old in the art and are used in secure communication.

Deficiencies of Chawla:
While Chawla teaches an “encrypted purchase token,” it does not teach the encryption of the payment data itself. (Id. at 0208.) However, Examiner submits, given the state of the art and the plurality of ways encryption is used (e.g. creating secure channels), it is always obvious to encrypt the transaction data itself rather than a token corresponding to a token. (See, generally, Id. at 0289, 0294.) Additionally, it is always obvious to reverse a process after a function has been applied (i.e. decryption after encryption). Simply put, the level of skill required for conventional encryption is low. 

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the filing date to modify combined transaction systems of Chawla-Kloster with the encryption of Pauker by modifying the tokenized encryption during payment found in Chawla with the encryption of transaction data of Pauker in order to make sure sensitive information is not divulged during transactions. (Pauker at 0003.)

Regarding claim 9 Chawla teaches:
wherein the modifying the web page further comprises (Fig. 2A Item 235; 0079 “updated merchant site UI”; see also Fig. 1B Item 120, Fig. 16 Item 1640 (dynamic generation))  transmitting a scripting file to the user device (0069) (Examiner is taking Javascript in Chawla as a scripting language. For example, the XML used in Chawla is a “package,” Chawla at 0069. See also 0152 (disclosing XML and Javascript Object Notation (JSON) for API request data), 0207 (specifying script type as javascript in <body> tag). This packaged is “readable by the determined source language 142b[,]” which may be at least Javascript. See also 0148 (disclosing Javascript as part of “scripting commands”.).

Regarding claim 10 Chawla teaches:
wherein the scripting file comprises code (Examiner is taking Javascript in Chawla as a scripting language. For example, the XML used in Chawla is a “package,” Chawla at 0069. See also 0152 (disclosing XML and Javascript Object Notation (JSON) for API request data), 0207 (specifying script type as javascript in <body> tag). This packaged is “readable by the determined source language 142b[,]” which may be at least Javascript. See also 0148 (disclosing Javascript as part of “scripting commands”.) corresponding to a stylesheet language (Examiner is taking “stylesheet” language under BRI in light of the Spec. found in paras. 0021, 0022, 0024, and 0035, which discloses a language for modifying the appearance. Examiner also notes that the language of “corresponding” is merely broad language. Accordingly, the stylesheet language of the button tag <v:buy> corresponds to the Javascript during the custom design process. Compare Fig. 21A Item 2101 (JavaScript) with Fig. 21A Item 2108 (Sample Code))  that implements the style configuration (0065, 0079, 0243 & Fig. 21b).

Regarding claim 11 Chawla teaches:
wherein each data form field in the second set of data form fields is rendered (Fig. 2A Item 235; 0079 “updated merchant site UI”; see also Fig. 1B Item 120, Fig. 16 Item 1640 (dynamic generation)) [in elements] in the web page (Fig. 2A Item 235; 0079 “updated merchant site UI”; see also Fig. 1B Item 120, Fig. 16 Item 1640 (dynamic generation)).
Chawla does not teach:
in a separate iframe… transmitting the…second set of data to a payment processor device…
Kloster teaches:
in a separate iframe (0011 & Fig. 1 Items “2. Payment Information (220) sent to Stripe”, 0042 “prevents them from hitting Merchant’s Servers”; Fig. 3 Item (3))… transmitting the…second set of data to a payment processor device; (Examiner submits that Strip 300 of Fig. 1 communicates with the payment processor 400, see also 0037. Most important, one skilled in the art of web development with knowledge of APIs would appreciate that respective “iframe[s] can communicate with the host it was served from,” see Collison at 0081. Accordingly, multiple iframes with multiple hosts can direct the data multiple ways using API Tunnels with set URLs)…

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the filing date to modify the custom generation of merchant widgets teachings of Chawla, which includes the generation of iframes, with the iframes of Kloster in order to obviate security audits associated with merchants since sensitive data does not pass through said merchants. (Kloster at 0003.)

Regarding claim 12 Chawla teaches:
wherein the set of parameters further specifies a particular text for display in the second set of data form fields (0160 & Fig. 7F Item 719).

Regarding claim 13 Chawla teaches:
wherein the set of parameters further specifies a plurality of appearances (0065, 0079, 0239, 0243-0244) for a plurality of corresponding element states for the second set of data form fields (0226; Table below 0226 Items “handVmeEvents” for function and “handleVmeEvents” set by (Examiner notes that the “element states” are taught by the Event Types, see Table below 0225. Further, it can be appreciated by a POSITA that the <v:buy> tags can be augmented with the widget skills, see 0242-0243, in a non-limiting manner.).

Regarding claim 14 Chawla teaches:
wherein the…second set of data comprises credit card data (0213, Table below <creditcard_number>, 0215), and wherein the performing the transaction comprises charging a credit card based on the credit card data (0213 “payment authorization”, 0215).
Neither Chawla nor Kloster teach:
decrypt [credit card data] 
Pauker teaches:
decrypt [credit card data] (0022-0025, 0046,  0069-0070)

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the filing date to modify combined transaction systems of Chawla-Kloster with the encryption of Pauker by modifying the tokenized encryption during payment found in Chawla with the encryption of transaction data of Pauker in order to make sure sensitive information is not divulged during transactions. (Pauker at 0003.) Further, after receiving cipher text, it is always obvious to reverse the process to retrieve an original message. (MPEP 2144.04(IV)(C).)

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DENNIS G KERITSIS whose telephone number is (313)446-6591.  The examiner can normally be reached on Mon-Fri 9:00-5:30.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hayes John can be reached on (571) 272-6708.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/DENNIS G KERITSIS/Examiner, Art Unit 3685                                                                                                                                                                                                        
/OLUSEYE IWARERE/Primary Examiner, Art Unit 3687